IT consulting and tech support blog

Battling fake Microsoft Support scammers

Published November 10, 2014

Microsoft scam graphic

Fake antivirus support is a problem. We know fake “Microsoft representatives” call targeted Windows users to persuade them that their computers are inundated with warnings and errors as shown in the Windows Event Viewer, a legitimate Microsoft application that lists system information. We even watched Jerome Segura, a senior security researcher at Malwarebytes, catch some of these over-the-phone tactics on video.

Unfortunately, it seems scammers still use the telephone to cold call folks, pretending to work for Microsoft (or some other reputable software company) in order to convince users that their computer needs “fixing.” But as users get smarter, scammers get bolder. Recently, scammers have begun claiming that they need immediate remote access to computers in order to fix security threats. Once they convince the user to allow them remote access in order to “take care of the problem,” these savvy scammers then suggest installing fake, malicious software in order to “protect” the machine from future infections.

Just a few days ago, this happened to one of our clients. After receiving a phone call from someone claiming to be from “Microsoft Security Services,” Sally, as we’ll call her, was told that her computer had been hacked by someone in Austin, TX, and the “representative” claimed he needed to remote in to fix it right away.

Of course, Sally was panicked—a normal and reasonable reaction. Following the scammer’s instructions, she went to a website, entered a few different numbers, clicked a few “ok” prompts, and then allowed the scammer to take control of her computer. As he worked through these steps with her, he used a few tricks to fool her into thinking that her computer was badly infected when, in fact, it was fine.

In order to trick Sally, the scammer pulled up legitimate, normal IT troubleshooting tools, such as:

  • Netstat
  • CPU Monitor
  • Event Viewer

...etc. in order to confuse her. For someone in the IT business, like us, these screens are commonplace and useful for regular computer maintenance; for others, these look like a bunch of numbers and error messages which make no sense and cause serious alarm or fear that the computer is terribly at risk.

After driving this fear home, the scammer told Sally he could fix the problem for a fee. Sally then gave him her credit card number, but after a few minutes, the scammer claimed that the credit card transaction had failed and that he would need to try a different card. At that point, Sally said she wanted to call us, her IT support. Of course, the scammer tried to convince her otherwise, but she knew better.

After she told me what happened, I not only recommended she immediately cancel her credit card, but I immediately inspected her machine.

After a few minutes on her computer, I realized something wasn’t right. While I performed various diagnostics, the mouse cursor moved, windows closed, and different things stopped running. Thinking it was Sally, I asked her to wait until I finished checking things out. But it wasn’t Sally. Instead, it was the scammer still connected to the machine, and he was trying to install malware!

Immediately it was a race to win full control of the computer. The scammer closed programs and tools as fast as I could get them open. He eventually tried to lock the machine by installing a fake AV program with a bogus warning, “FBI Has Locked This Computer Due To Fraudulent Activity.” He also tried to encrypt files in order to hold Sally’s data for ransom. Luckily I was able to run a quick series of commands to end the rogue processes, before blocking the scammer’s network access. He could have won; it was close—too close.
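One way to check whether a remote session is still attached to a machine, as an added example (not from the original post, and not the commands used in the incident): it parses `netstat -ano` output and groups ESTABLISHED TCP connections to non-local peers by owning PID. The sample output, addresses and PIDs are constructed, and the function name is hypothetical.

```python
import ipaddress
from collections import defaultdict

# Ranges treated as "local" for triage: loopback, RFC 1918, link-local, ULA.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample of `netstat -ano` output (not captured from the incident).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.20:49712     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49803     203.0.113.45:443       ESTABLISHED     5120
  TCP    192.168.1.20:49804     203.0.113.45:8443      ESTABLISHED     5120
  TCP    192.168.1.20:49650     198.51.100.7:80        TIME_WAIT       0
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     2304
  UDP    0.0.0.0:5353           *:*                                    1712
"""

def external_sessions(netstat_text):
    """Return {pid: [remote 'addr:port', ...]} for ESTABLISHED TCP
    connections whose peer lies outside LOCAL_NETS."""
    by_pid = defaultdict(list)
    for line in netstat_text.splitlines():
        f = line.split()
        # Data rows have exactly 5 fields: proto, local, foreign, state, pid.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        host, _, port = f[2].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # unparsable address column; skip the row
        if any(ip in net for net in LOCAL_NETS):
            continue  # LAN, loopback and link-local peers are not of interest
        by_pid[int(f[4])].append(f"{ip}:{port}")
    return {pid: sorted(peers) for pid, peers in by_pid.items()}

if __name__ == "__main__":
    for pid, peers in external_sessions(SAMPLE).items():
        print(f"PID {pid}: {', '.join(peers)}")
```

Look up each reported PID (for example with `tasklist /FI "PID eq <pid>"`) before ending a process or blocking its peer address.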

You might be wondering, “Isn’t antivirus software supposed to protect my computer from this kind of stuff?” Good question. Here’s our answer: AV software does not, and more importantly, CANNOT protect a computer from every threat out there. You have to think of antivirus software like suspenders on pants. They can go a long way in preventing your pants from falling down, but if you pull hard enough, they will still fall off. AV software is just the same. It can go a long way to prevent your machine from becoming infected, but if you click “yes” enough times and give scammers access to your machine, even the best antivirus software will be defeated.

The biggest lesson to learn: educate yourself. User education is the most important factor to not getting infected and/or scammed. Be cautious before clicking “yes” and NEVER trust someone that calls out-of-the-blue, claiming he or she is from Microsoft or some other well-known software or security company. Microsoft and other such companies will NEVER call you to let you know that your computer is infected and then ask for money to fix it.

(In addition, there are convincing illegitimate websites and pop-up ads designed to trick users into believing that their computers are infected, that they need immediate assistance, and that salvation requires a phone call to the scammer. It’s usually something like, “WARNING: Your computer is severely infected. Call 1-800…”)

Screenshot of a fake warning screen

NRC’s George Probst films first 360-degree great white shark video

Published November 03, 2014

Underwater close-up photo of a great white shark approaching the camera.

NRC’s web designer, George Probst, was asked early this year to test out a new underwater camera rig that films 360° footage. George took the Kolor Abyss 360 on his recent great white shark diving trip to Isla de Guadalupe, and was able to capture some close-up footage of great white sharks. As far as we know, this is the first published video footage of great white sharks using this technology. This new technology allows for the video to be viewed from any angle and will create an immersive experience when viewed with a head-mounted display (such as the Oculus Rift).


NRC’s George Probst recognized by Yahoo!

Published July 28, 2014

Many of you know George Probst as NRC’s graphic designer and web developer, but there’s more than marketing in his tool belt. When he’s not working, George has some interesting hobbies: running, Metallica concerts, and…shark diving. At least once a year, he ventures to Guadalupe, Mexico to swim with great white sharks.

Not only does George swim with them, but he has also developed a keen eye for their best poses through underwater photography, which was recently recognized by Yahoo’s Flickr.

“When they come by and look you in the eye, there’s this connection. You get this completely different understanding. There’s a level of respect and awe for this huge animal,” George told the folks at Flickr. “People say, ‘I can’t believe you did that. You’re crazy!’ And I tell them, if you were in the water, you wouldn’t think that way.”

George has been diving and photographing sharks in the wild since 2006. Besides sharing photography on Flickr, George also runs TheDorsalFin.com, a website that provides current shark-related news and promotes responsible shark conservation.


The dangers of peer-to-peer-file sharing

Published April 25, 2014

Graphic illustrating peer to peer connections

Peer-to-Peer, or P2P, is a method of sharing files between two or more computers on the Internet. Users share files via P2P by using peer-to-peer applications such as Gnutella, KaZaA, iMesh, LimeWire, Morpheus, SwapNut, WinMX, AudioGalaxy, Blubster, eDonkey, BearShare, etc., and the list goes on and on.

How P2P Works

The P2P application takes a piece of allotted data, or sometimes whole directories, from your hard drive and allows other users to freely download this content, and vice versa. P2P programs are most often used to share music and videos over the Internet. Although sharing by passing around a CD or DVD is not illegal, sharing by creating multiple copies of a copyrighted work IS illegal. Some P2P programs will share everything on your computer with anyone by default. Much of the P2P activity is automatic and its use is unmonitored. Computers running this software will be busy exchanging files whenever the machine is turned on. Using P2P software can be, and often is, very dangerous.

Consequences of Copyright Infringement

Downloading and sharing files which contain copyrighted material is against the law. The responsibility to restrict sharing and monitor the legality of files on your network lies solely with you and/or your employer (if it takes place at work using company equipment).

This is what can happen:

  • Legal consequences. Copyright holders may offer a legal settlement option or pursue legal action against you.
  • Financial implications. If a copyright holder chooses to pursue legal action, the minimum damage for sharing copyrighted material is $750 per file (in addition to legal and court fees). According to several different news sources, individuals who settled their cases outside of court were forced to pay substantial amounts. There is no way to predict how much you may be required to pay in settlement costs if illegal files are found to be on a machine or being transferred to/from an IP address that you own.

The Digital Millennium Copyright Act (DMCA) makes it a crime to create software that helps distribute copyrighted materials. It also limits an Internet Service Provider’s (ISP) liability if the ISP notifies the alleged infringer and suspends access to illegal copies of copyrighted materials.

There Are Risks Associated With Using P2P Programs

Some of the P2P programs themselves contain “spyware” that allows the author of the program, and other network users, to see what you’re doing, where you’re going on the Internet, and even use your computer’s resources without your knowledge to carry out various activities; the most popular use at this time is to harvest computer power to mine Bitcoins. Another annoyance with this type of software is that once installed, these applications can be almost impossible to remove. In some cases a user has to know which files to remove and which registry entries to edit to completely get rid of the application. Content downloaded via P2P applications can be potentially laced with malware, be legally protected copyright data or be personal and/or private information. Tests carried out by various researchers have revealed that common P2P searches often contain very sensitive, private data including: patent applications, medical information, financial and other personal and business-related information.

Since the computers running the P2P programs are usually connected to a network, they can be used to spread malware. Another risk is that various types of illegal files can be downloaded and re-shared over P2P networks by mistake. Users can even have files placed on their machines, without knowing, by others who want to share illegal material without getting caught. This tactic allows nefarious users to “spoof” their personal network and IP address information. Short explanation: they use YOUR computer network to distribute and share THEIR illegal material so it’s traced back to YOU and not THEM. So, in the end, YOU will be the one getting the knock on the door from law enforcement.

“Stealing is Stealing and Wrong is Wrong”. There’s no need to use P2P software to enjoy music and movies. There are multiple free and LEGAL options available to watch movies and listen to music. While most of these free services are ad-supported, many also offer very low cost subscription options that, in my personal opinion, are worth every penny and are ad-free!

Legal Alternatives for Downloading

Some of the sites listed here provide some or all content at no charge. They are funded by advertising or represent artists who want their material distributed for free. This is not an exhaustive list, but it’s a good place to start.

TV shows: Watch TV shows online legally and free: Hulu TV

Music: Listen to music online legally and free: Pandora (personal favorite), Last.fm, I Heart Radio, Xbox Music and Spotify.

Remember that it’s important to delete any files on any machines which may have been obtained over a P2P network and to also remove the P2P software. Use caution while surfing the internet and use some of the legal alternatives mentioned above for consuming media. If you suspect users on your business network of using P2P software, please don’t hesitate to contact New River Computing for support.

As always, STAY SAFE!


Computers cannot survive by anti-virus software alone

Published February 06, 2014

Over the past few weeks, several widely known companies have been competing for top spots in many of the major news headlines, but for all the wrong reasons. Retail giant Target, to offer just one recent example, could be forced to pay millions of dollars to cover the direct damages incurred from the recent malware-related data breach that enabled cyber-criminals to steal credit card data from all Target point-of-sale systems located within the United States and Canada. While financial loss is certainly a major concern, the massive hit they will take to their reputation could be incalculable for years to come.

It’s no secret that one of the biggest challenges facing any business is protecting against malware attacks and other cyber-crimes. These recent cyber-attacks are some of the biggest (that we know of) in history. They were so massive that the FBI has recently issued a special warning aimed at businesses to tighten up their cyber security infrastructure.

It’s common for most people to say to themselves, “As long as Antivirus software is installed and up to date, a computer will be protected.” That’s no longer the case. What worked before doesn’t work now. Standard Antivirus programs are no match for the new zero-day malware outbreaks that are now commonplace in the world of computing. With all of the complex attacks being developed and altered on a daily, sometimes hourly, basis, just having Antivirus software installed isn't enough.

Nowadays, IT security experts recommend adding a dedicated anti-malware layer to existing endpoint security software to block the barrage of constantly looming cyber threats. That’s why here at New River Computing, we’ve recently started offering Malwarebytes Anti-Malware Enterprise Edition as a part of our overall security portfolio. During our vigorous pre-deployment testing phase, we found that by adding the power of Malwarebytes to our current deployments of VIPRE Anti-Virus, the combo proved to be unmatched in catching new vulnerabilities, PUPs (potentially unwanted programs) and zero-hour malware on live client machines. There’s no better real-world test than that!

Below is a partial list of benefits our clients can gain by adding the power of Malwarebytes to their existing security strategy:

  • New River Computing will be able to identify and respond to malware threats in real-time.
  • Compatibility with VIPRE Anti-Virus and most other major endpoint security products.
  • Detects zero-hour and known Trojans, worms, rootkits, adware, and spyware in real-time.
  • File execution blocking prevents malicious threats from executing code and quarantines them.
  • Real-time malicious website blocking prevents access to and from known malicious IP addresses.
  • Ensures data security and network integrity. Reduces IT helpdesk tickets, ensures user productivity.
  • Protects users from downloading malware, hacking attempts, redirects to malicious websites, and “malvertising.”
  • Reduce endpoint and network downtime due to malware remediation.
  • Prevent data theft.

In addition to all of these benefits, New River Computing can also leverage the power of Threat View to monitor security stats in real-time. It affords us the capability to aggregate the data necessary to evaluate potentially malicious threats on client networks and track user access to potentially malicious websites. Data is streamed to us in convenient chart formats for more efficient security assessment and analysis. We can also track malicious activity on networks by IP address and user login.

You can see why all of these benefits are a must-have for strengthening existing security infrastructures. To find out more about implementing Malwarebytes Anti-Malware technology in your business, please contact Shana, our Business Development Manager, and she will fill you in on how easy it is to get started.

Stay Safe!

